NYC

claude-skills-troubleshooting

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill utilizes local Python scripts (diagnose_plugins.py and enable_all_plugins.py) to manage the agent's configuration. These scripts are invoked via bash commands provided in the documentation.
  • DATA_EXPOSURE (MEDIUM): The scripts access ~/.claude/settings.json and ~/.claude/plugins/installed_plugins.json. These files represent the agent's security and feature state. Reading these files exposes which capabilities are active and potential metadata about the environment.
  • INDIRECT_PROMPT_INJECTION (LOW): The diagnostic output is generated from external JSON files that could be manipulated by other skills or malicious repositories.
      • Ingestion points: scripts/diagnose_plugins.py and scripts/enable_all_plugins.py read from ~/.claude/settings.json and installed_plugins.json.
      • Boundary markers: Absent. Output is provided as raw text for the agent to interpret.
      • Capability inventory: scripts/enable_all_plugins.py can modify the enabledPlugins list in settings.json, allowing it to activate any installed plugin.
      • Sanitization: Absent. The scripts perform direct JSON parsing and modification without validating the integrity of the plugin metadata.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 05:14 PM